Git Product home page Git Product logo

Comments (6)

robbieaverill avatar robbieaverill commented on August 17, 2024 1

Signing tags makes sense since they are a point-in-time representation of a set of changes. Signing everything doesn't make as much sense. Since you can't tag via GitHub (AFAIK?) there's no downside to enforcing this as policy when releasing new tags.

from magento-lts.

colinmollenhour avatar colinmollenhour commented on August 17, 2024

How is this enforced? Also how does this work with github's web-based "Merge" button?

from magento-lts.

Flyingmana avatar Flyingmana commented on August 17, 2024

There is no enforcement (yet)
In a far distant future tools like composer could check if a tag was signed and are able to deny install for unsigned ones.

as the web ui just adds a merge commit, it does not interfere if the commits inside this PR are signed.

For Tags, we could also sign the downloads, this would be a manual process which is I think currently useless, as for example composer would not make use of it

from magento-lts.

drobinson avatar drobinson commented on August 17, 2024

Generally I'm the one doing tagging, so please help me remember to do this next time we create a release and I'll tag it. Is it possible to sign old tags somehow @Flyingmana ?

from magento-lts.

seansan avatar seansan commented on August 17, 2024

Can we add tis to the readme? Or is there a better place? and close the issue

from magento-lts.

sreichel avatar sreichel commented on August 17, 2024

Can we add tis to the readme? Or is there a better place? and close the issue

This is something cor contribution guidelines .... working on it.

from magento-lts.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.